package com.athay.diary.controller;


import com.athay.diary.dto.response.CommonResult;
import com.athay.diary.entity.User;
import com.athay.diary.service.UserService;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;

import java.util.List;

@RestController
@RequestMapping("/api/admin/user")
@PreAuthorize("hasRole('ADMIN')") // 仅管理员可访问
public class UserController {

    private final UserService userService;

    public UserController(UserService userService) {
        this.userService = userService;
    }

    // 获取所有用户（管理员）
    @GetMapping("/list")
    public CommonResult<List<User>> listAllUsers() {
        return CommonResult.success(userService.list());
    }

    // 封禁/解封用户（管理员）
    @PutMapping("/ban/{userId}")
    public CommonResult banUser(
            @PathVariable Long userId,
            @RequestParam Boolean banned
    ) {
        User user = userService.getById(userId);
        if (user == null) {
            return CommonResult.error("用户不存在");
        }
        user.setBanned(banned);
        userService.updateById(user);
        return CommonResult.success(banned ? "用户已封禁" : "用户已解封");
    }
}